Lucene search
K
PtsecurityMost viewed

184491 matches found

Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.20 views

PT-2026-50782

Name of the Vulnerable Software and Affected Versions pam usb versions prior to 0.9.2 Description pam usb provides hardware authentication for Linux using removable media. The software calls the xmlReadFile function with flags=0 when loading the configuration file, which allows libxml2 to process...

6.7CVSS5.8AI score0.00115EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.20 views

PT-2026-50744

Name of the Vulnerable Software and Affected Versions Grav versions prior to 1.7.53 Description An authenticated administrator with backup permissions can download a ZIP archive containing the full installation root. This archive includes sensitive files such as user/accounts/admin.yaml, which...

6.8CVSS6AI score0.00174EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.20 views

PT-2026-50774

Name of the Vulnerable Software and Affected Versions AzeoTech DAQFactory versions prior to 21.2 Description A Type Confusion issue exists where an attacker can use specially crafted .ctl files to achieve arbitrary code execution. Type Confusion occurs when a program accesses a resource using a...

8.4CVSS6.1AI score0.00148EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.20 views

PT-2026-50685

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in David Lingren Media LIbrary Assistant allows Blind SQL Injection. This issue affects Media LIbrary Assistant: from n/a through 3.35...

8.5CVSS5.5AI score0.00211EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.20 views

PT-2026-50673

UBB.threads is vulnerable to Denial of Service DoS. By sending multiple concurrent requests to view any user profile on instances with many registered users, an authenticated attacker can easily exhaust database resources and completely deny access to the application for other users. Because vend...

7.1CVSS5.3AI score0.00293EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.20 views

PT-2026-50629

The Optimole – Optimize Images | Convert WebP & AVIF | CDN & Lazy Load | Image Optimization plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.6. This is due to missing or incorrect nonce validation on the replace file function. This makes i...

4.3CVSS5.3AI score0.00157EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50478

Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.9.6 Description An authorization bypass exists in the calendar event update process. The endpoint '/api/v1/calendars/events/event id/update' validates that the user has write access to the calendar where the even...

4.3CVSS5.9AI score0.00179EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50312

Subscriber Broken Access Control in Bricks Builder = 2.1.4 versions...

4.3CVSS5.2AI score0.00243EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50218

Name of the Vulnerable Software and Affected Versions Google Chrome on Mac versions prior to 149.0.7827.155 Description A race condition in the Updater allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape. This is achieved through the use of a...

9.6CVSS5.9AI score0.00601EPSS
Exploits0References41
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50337

Unauthenticated SQL Injection in JetEngine = 3.8.9.1 versions...

9.3CVSS5.7AI score0.00372EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50437

Name of the Vulnerable Software and Affected Versions Dell PowerFlex Manager version 4.6.0.1 Description Use of a broken or risky cryptographic algorithm allows an unauthenticated attacker with remote access to potentially cause information disclosure and information tampering. Recommendations At...

4.8CVSS5.9AI score0.001EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50254

The Counter Box – Add Countdowns, Timers & Dynamic Counters to WordPress plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.0.13 via deserialization of untrusted input . This makes it possible for authenticated attackers, with administrator-level...

6.6CVSS6AI score0.00535EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50558

In SignalRGB versions prior to 1.3.7.0, the .SignalIo device object is created without an explicit SDDL security descriptor and without FILE DEVICE SECURE OPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and iss...

5.2AI score0.00087EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50188

Name of the Vulnerable Software and Affected Versions Google Chrome on Android versions prior to 149.0.7827.155 Description An inappropriate implementation in WebView allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page....

9.6CVSS5.9AI score0.00601EPSS
Exploits0References39
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50318

Subscriber Arbitrary File Upload in Ecommerce Zone = 0.9.7 versions...

9.9CVSS5.2AI score0.00434EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50536

Shaarli is a personal bookmarking service. Versions 0.16.1 and prior contain a stored Cross-Site Scripting XSS vulnerability in the tag filtering functionality of Shaarli. An authenticated user can inject arbitrary JavaScript into the tags field when creating a bookmark Shaare. The malicious...

4.8CVSS5.3AI score0.00115EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50532

Name of the Vulnerable Software and Affected Versions Punto Switcher affected versions not specified Description An unquoted-path flaw allows the execution of attacker-placed code at the user's privilege level. This issue occurs during a call made by a signed Windows binary at launch, enabling...

8.5CVSS6.5AI score0.00149EPSS
Exploits0References14
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50236

Name of the Vulnerable Software and Affected Versions Package Manager affected versions not specified Description A missing permission check in Package Manager allows for a device lock controller bypass. This issue enables local escalation of privilege without requiring additional execution...

10CVSS5.5AI score0.00218EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50228

RadiX AX6600 WiFi 6 Tri-Band Gaming Router contains an OS command injection vulnerability, which may lead to arbitrary command execution with the root privilege by a user who logs in to the web console as an administrator...

8.6CVSS5.7AI score0.01786EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50314

Unauthenticated Broken Access Control in User Registration Stripe = 1.3.14 versions...

8.2CVSS5.2AI score0.00244EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50256

Name of the Vulnerable Software and Affected Versions Regesta Smart HD-PLC - TLDPH16D2 version 11.02.05.10.02 Description A network attacker can obtain privileged information without requiring registration. This information disclosure occurs by using the Version command through the endpoint...

6.9CVSS5.9AI score0.00394EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50257

Name of the Vulnerable Software and Affected Versions Regesta Smart HD-PLC - TLDPH16D2 version 11.02.05.10.02 Description A network-based attacker can cause a Denial of Service DoS on the web interface of the device using a Slow Loris attack. This technique involves sending partial HTTP requests...

6.9CVSS6AI score0.00394EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50412

Unauthenticated Arbitrary File Deletion in WorkScout-Core = 1.7.11 versions...

6.5CVSS5.2AI score0.00351EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50264

Allow authenticated users to access alert instances associated with alert groups they do not have permission to access. in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes the issue...

5.3AI score0.00433EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50239

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A logic error in the transfer function of the PackageInstaller.Session class within frameworks/base/services/core/java/com/android/server/pm/PackageInstallerSession.java allows for a memory...

10CVSS6AI score0.00125EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50244

Name of the Vulnerable Software and Affected Versions LearnPress versions prior to 4.3.7 Description An information disclosure issue exists where the edit context on a REST endpoint is not properly restricted by the edit users capability. This allows unauthenticated visitors to retrieve sensitive...

5.3CVSS5.8AI score0.00424EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50248

Three NVIDIA NeMo vulnerabilities CVE-2026-24155, CVE-2026-24252, CVE-2026-24228 enable code execution. Update NeMo Framework to v2.7.3 now. NVIDIA NeMo CVE202624155 AISecurity InfoSec https://t.co/VykvC24Ed4 https://t.co/93wJfksSbS...

7.8CVSS5.4AI score0.00193EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50225

In SettingsLib, there is a possible way to disable system components due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.5AI score0.0008EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50263

Incorrect Authorization vulnerability allows users to access workflow instance information belonging to projects they do not have permission to access. This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

5.3AI score0.00312EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50582

Name of the Vulnerable Software and Affected Versions Drupal Formatter Field versions 0.0.0 through 2.0.0 Description Improperly controlled modification of dynamically-determined object attributes in the Formatter Field module allows for Object Injection. This occurs because the module stores dat...

6.1AI score0.00173EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50611

Name of the Vulnerable Software and Affected Versions Flag attendance field versions 0.0.0 through 1.2 Description An Object Injection issue exists in the Flag attendance field module due to the improper control of modification of dynamically-determined object attributes. The module stores data a...

6.1AI score0.00173EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50394

Name of the Vulnerable Software and Affected Versions Zephyr versions 1.7 through 4.4.0 Description The Bluetooth Classic Hands-Free Profile HFP Hands-Free role parser in subsys/bluetooth/host/classic/hfp hf.c contains an out-of-bounds write. During Service Level Connection setup, the Hands-Free ...

7.1CVSS5.8AI score0.00282EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.20 views

PT-2026-50190

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.155 Description A use after free issue in DigitalCredentials on Windows allows a remote attacker to potentially perform a sandbox escape by using a crafted HTML page. Use after free occurs when an...

9.6CVSS6.1AI score0.00601EPSS
Exploits0References41
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49776

Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.5.26 Description An issue exists in hostname validation where trailing-dot notation in model or workspace-derived URLs can be used to bypass blocklist comparisons. This occurs because hostname checks treat hosts...

6.5CVSS5.2AI score0.0021EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-50089

Unauthenticated Local File Inclusion in Thegov Core 2.0.23 versions...

8.1CVSS5.2AI score0.00338EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49972

Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Agent Next Gen component of the Oracle Enterprise Manager Base Platform. A low privileged attacker wit...

8.8CVSS5.9AI score0.00432EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49926

Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware component: Database User. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity...

9.9CVSS5.3AI score0.00402EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49986

Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Enterprise Infrastructure Security component of Oracle JD Edwards. An unauthenticated attacker with network access via JDENET can compromise th...

9.8CVSS5.8AI score0.00483EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49866

Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware component: Mainframe Connectors. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

9.9CVSS5.3AI score0.00411EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49927

Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware component: Generic Unix Connector. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via SSH to compromise...

9.9CVSS5.3AI score0.00432EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-50164

Name of the Vulnerable Software and Affected Versions Crawl4AI versions prior to 0.8.7 Description The safe eval expression function in the computed fields feature uses an AST Abstract Syntax Tree validator that only blocks attributes starting with an underscore. Because Python generator and fram...

10CVSS6AI score0.0045EPSS
Exploits2References15
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-50059

Name of the Vulnerable Software and Affected Versions Oracle Project Portfolio Analysis versions 12.2.3 through 12.2.15 Description An issue exists in the Internal Operations component of the Oracle Project Portfolio Analysis product within Oracle E-Business Suite. A high privileged attacker with...

7.2CVSS5.8AI score0.00453EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49985

Name of the Vulnerable Software and Affected Versions JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.26.2 Description An issue exists in the Enterprise Infrastructure Security component of Oracle JD Edwards. An unauthenticated attacker with network access via JDENET can compromise th...

9.8CVSS5.8AI score0.00483EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49912

Name of the Vulnerable Software and Affected Versions Oracle WebCenter Enterprise Capture version 12.2.1.4.0 Oracle WebCenter Enterprise Capture version 14.1.2.0.0 Description An issue exists in the Client Bundle component of the Oracle WebCenter Enterprise Capture product within Oracle Fusion...

9.9CVSS5.8AI score0.00402EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49968

Name of the Vulnerable Software and Affected Versions MySQL Router versions 9.0.0 through 9.7.0 Description An issue in the General component of MySQL Router allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful exploitation can lead to a complete...

9.8CVSS5.8AI score0.00508EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-50064

Name of the Vulnerable Software and Affected Versions Oracle Universal Work Queue versions 12.2.3 through 12.2.15 Description An issue exists in the Work Provider Site Level Administration component of the Oracle Universal Work Queue product within Oracle E-Business Suite. A low privileged attack...

8.8CVSS5.8AI score0.00402EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49867

Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

7.5CVSS5.3AI score0.00311EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49817

In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation...

8.8CVSS6.2AI score0.00231EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-50000

Name of the Vulnerable Software and Affected Versions Oracle JD Edwards EnterpriseOne General Ledger version 9.2 Description A flaw in the E1 Foundation component allows a low-privileged attacker with network access via SMB Server Message Block, a network file sharing protocol to compromise the...

9.9CVSS5.8AI score0.00301EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.20 views

PT-2026-49603

Name of the Vulnerable Software and Affected Versions Zyxel GS1900-48HPv2 versions prior to 2.90ABTQ.1C0 Description A stack-based buffer overflow exists in the CGI program. This flaw allows an unauthenticated attacker on the local area network LAN to potentially execute operating system commands...

8.8CVSS5.8AI score0.00315EPSS
Exploits0References6
Total number of security vulnerabilities5000